Comware Based
cancel
Showing results for 
Search instead for 
Did you mean: 

HP 5130 - Private-vlan and 802.1X

pierre_fr
Occasional Visitor

HP 5130 - Private-vlan and 802.1X

Hi everyone,

I am currently working with a customer on a new network build with core HP10500 and access HP5130. We also deploy a radius server (ClearPass) which will assign vlan to authenticated users.

For a specific part of users, we need to affect them a private-vlan. The configuration without 802.1X would be as below :

vlan 400

private-vlan primary

private-vlan secondary 401

vlan 401

private-vlan isolated

interface Gi1/0/1  => Users interfaces

port private-vlan host

port access vlan 401 => this commands will execute implicit macro on switch, and configuration will be as below :

port hybrid pvid 401

undo port hybrid vlan 1

port hybrid vlan untagged 400 to 401

 

This configuration seems to work (didn't test yet to see if it is perfectly isolated). Now, we are testing a way to affect the private-vlan dynamicly to the user with 802.1X authentication. According to 5130 datasheet, this is not supported. Is someone know a way to pass through this limitation (maybe send commands to switch to modify the configuration of interfaces) ?

 

Many thanks

Pierre